tree: https://git.kernel.org/pub/scm/linux/kernel/git/peterz/queue.git x86/pti head: 767d46ab566dd489733666efe48732d523c8c332 commit: a9210620ec360f7375282ff1d35c8f8016ccc986 [3/5] x86/mm: Optionally flush L1D on context switch config: i386-randconfig-s002-20200916 (attached as .config) compiler: gcc-9 (Debian 9.3.0-15) 9.3.0 reproduce: # apt-get install sparse # sparse version: v0.6.2-201-g24bdaac6-dirty git checkout a9210620ec360f7375282ff1d35c8f8016ccc986 # save the attached .config to linux build tree make W=1 C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' ARCH=i386 If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <lkp(a)intel.com&gt; sparse warnings: (new ones prefixed by >>) # https://git.kernel.org/pub/scm/linux/kernel/git/peterz/queue.git/commit/?... git remote add peterz-queue https://git.kernel.org/pub/scm/linux/kernel/git/peterz/queue.git git fetch --no-tags peterz-queue x86/pti git checkout a9210620ec360f7375282ff1d35c8f8016ccc986 vim +426 arch/x86/mm/tlb.c 347 348 static void cond_mitigation(struct task_struct *next) 349 { 350 unsigned long prev_mm, next_mm; 351 352 if (!next || !next->mm) 353 return; 354 355 next_mm = mm_mangle_tif_spec_bits(next); 356 prev_mm = this_cpu_read(cpu_tlbstate.last_user_mm_spec); 357 358 /* 359 * Avoid user/user BTB poisoning by flushing the branch predictor 360 * when switching between processes. This stops one process from 361 * doing Spectre-v2 attacks on another. 362 * 363 * Both, the conditional and the always IBPB mode use the mm 364 * pointer to avoid the IBPB when switching between tasks of the 365 * same process. Using the mm pointer instead of mm->context.ctx_id 366 * opens a hypothetical hole vs. mm_struct reuse, which is more or 367 * less impossible to control by an attacker. Aside of that it 368 * would only affect the first schedule so the theoretically 369 * exposed data is not really interesting. 370 */ 371 if (static_branch_likely(&switch_mm_cond_ibpb)) { 372 /* 373 * This is a bit more complex than the always mode because 374 * it has to handle two cases: 375 * 376 * 1) Switch from a user space task (potential attacker) 377 * which has TIF_SPEC_IB set to a user space task 378 * (potential victim) which has TIF_SPEC_IB not set. 379 * 380 * 2) Switch from a user space task (potential attacker) 381 * which has TIF_SPEC_IB not set to a user space task 382 * (potential victim) which has TIF_SPEC_IB set. 383 * 384 * This could be done by unconditionally issuing IBPB when 385 * a task which has TIF_SPEC_IB set is either scheduled in 386 * or out. Though that results in two flushes when: 387 * 388 * - the same user space task is scheduled out and later 389 * scheduled in again and only a kernel thread ran in 390 * between. 391 * 392 * - a user space task belonging to the same process is 393 * scheduled in after a kernel thread ran in between 394 * 395 * - a user space task belonging to the same process is 396 * scheduled in immediately. 397 * 398 * Optimize this with reasonably small overhead for the 399 * above cases. Mangle the TIF_SPEC_IB bit into the mm 400 * pointer of the incoming task which is stored in 401 * cpu_tlbstate.last_user_mm_spec for comparison. 402 * 403 * Issue IBPB only if the mm's are different and one or 404 * both have the IBPB bit set. 405 */ 406 if (next_mm != prev_mm && 407 (next_mm | prev_mm) & LAST_USER_MM_IBPB) 408 indirect_branch_prediction_barrier(); 409 } 410 411 if (static_branch_unlikely(&switch_mm_always_ibpb)) { 412 /* 413 * Only flush when switching to a user space task with a 414 * different context than the user space task which ran 415 * last on this CPU. 416 */ 417 if ((prev_mm & ~LAST_USER_MM_SPEC_MASK) != 418 (unsigned long)next->mm) 419 indirect_branch_prediction_barrier(); 420 } 421 422 /* 423 * Flush only if SMT is disabled as per the contract, which is checked 424 * when the feature is enabled. 425 */ 427 (prev_mm & LAST_USER_MM_L1D_FLUSH)) 428 l1d_flush_hw(); 429 430 this_cpu_write(cpu_tlbstate.last_user_mm_spec, next_mm); 431 } 432 --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org